Metaforic crosses swords with software pirates

By Neil Roiter, Senior Technology Editor, Information Security magazine 29 Oct 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The market for pirated software is enormous, so it's no surprise that there's a growing market for antipiracy/antitampering software in response. Glasgow, Scotland-based Metaforic Ltd., the newest vendor in what analysts have dubbed the application hardening market, debuted its MetaFortress product in April and announced its entry in North America this week.

Software piracy: How to prevent software piracy: Security management pro Mike Rothman discusses several ways organizations can prevent software piracy and protect their intellectual property. Application hardening tools help repel software pirates: Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit.

IDC and the Business Software Alliance estimate that a third of the global software market is for pirated copies -- tens of billions of dollars, mostly in Russia, China and Vietnam. The theft runs the gamut from games and standard business applications, such as Microsoft Office, to high-end specialty code worth hundreds of thousands of dollars that businesses in emerging markets can purchase for a fraction of their legitimate price.

Software crackers may reverse-engineer the code or simply break the licensing protection, the low hanging fruit in many cases.

MetaFortress runs an analyzer on code to determine where and how to insert protections and then embeds the protections in the program at compile time. Like other products in this space, this approach allows organizations to separate antitampering measures from the development process if they choose, which will improve efficiency and sidestep messy turf battles within an organization.

Chief competitors in this space are Arxan Technologies Inc., Cloakware Corp., PreEmptive Solutions LLC and V.i. Laboratories Inc. They use a variety of sophisticated obfuscation techniques well beyond standard obfuscation inserted by developers, and dynamic encryption methods far stronger than the usual encryption "wrappers" that can be cracked by capturing and decompiling code at run-time.

SearchSecurity radio:

MetaFortress' differentiators in the market are ease of deployment and the ability to debug code after the solution has been applied, said Andrew McLennan, CEO at Metaforic The latter is an important tool to help certify compliance for software interoperability.

"With debugging, you can disprove that security has any influence on or is interfering with the software; it's a comfort for the customer." McLennan said. "You can continue to pass unit tests or integration compliance regimes that all large software vendors run on their applications."

McLennan said this will be especially valuable with virtualization software and for Windows.

Tags: Software Development Methodology,  Data Analysis and Classification,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Software Development Methodology Adobe patches ColdFusion vulnerability blocking website attack nCircle statistics show rising Web application vulnerabilities Common PCI questions: Web application firewalls or source code review? Juniper pulls ATM hacking presentation from Black Hat V.i Labs integrates Google maps to track software piracy Software Piracy pandemic needs government role, better vendor antipiracy plans Software piracy losses total $53 billion, study finds Google study backs browser silent auto update feature Secure software development starts before coding begins Security budget issues to resonate at RSA Conference Data Analysis and Classification Compliance in the cloud Database monitoring, encryption vital in tight economy, Forrester says Best practices for log data retention Simplicity is key to data classification projects HIPAA changes force healthcare to improve data flow Can read/write access policies be put on a SAN server? Microsoft to embed data classification, strengthen ties with DLP RSA attendees see data classification, rights management projects stumble Product review: Titus Labs' Message Classification Product review: Workshare Professional 5 Data Analysis and Classification Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bypass  (SearchSecurity.com) Common Weakness Enumeration  (SearchSecurity.com) debugging  (SearchSoftwareQuality.com) fuzz testing  (SearchSecurity.com) heuristics  (SearchSoftwareQuality.com) sandbox  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary